Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 5, 2015. Also cited in 279 other reports.
Report ID: FV4511, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the unauthorized access of Protected Health Information (PHI) for one patient, Patient A. This failure had the potential to result in the misuse of Patient A's private/medical information.Findings:On February 5, 2015, at 10:30 a.m., a phone investigation was conducted with the facility's Information Privacy Officer (IPO), for an entity reported incident. The IPO stated the facility had received an anonymous report that Patient A's record had been accessed by unauthorized employees. Two audits were conducted, one on January 30, 2015, and the second after the patient's discharge on February 6, 2015. The facility found that one employee accessed Patient A's record without an authorized reason to do so, on February 2, 2015. The IPO stated, the employee accessed Patient A's face sheet and had access to the patient's demographic information and diagnosis. The IPO stated, at the time of this access, the employee had no authorized clinical reason to access Patient A's record. The facility's policy and procedure titled, "HIPAA- Use and Disclosure of Protected Health Information," dated January 2, 2014, was reviewed. The policy indicated, "It is the policy of... (facility's name), that the confidentiality of Protected Health Information contained in records and collected...will be protected to the fullest extent possible...To protect the patient's right to privacy and confidentiality, at no time will names or information be shared with any person who does not have a need to know in order to provide patient care."The facility policy and procedure titled, "Information Privacy," dated February 13, 2015, indicated, "Unauthorized or Unlawful Access: is the viewing or retrieval of an individual's PHI either electronically or in paper form when this information is for the purposes not relevant to the workforce member's treatment, payment process, or hospital related administrative purposes..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280